
iptables

master
test2 5 years ago
parent
commit
7fe1533c0c
25
sec/ex-3_iptables.adoc

@ -1,4 +1,4 @@
= Network analysis !
= Iptables !
Apostolos rootApostolos@swarmlab.io
// Metadata:
:description: Intro and Install
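Review bot: The new document title `= Iptables !` keeps the trailing ` !` from the old title and capitalises the tool name, while the body of the file writes it as `iptables` everywhere. Suggest `= iptables` so the heading matches the command name used in the text.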
@ -30,14 +30,13 @@ Assuming you're already logged in
====
**tcpdump** is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.
https://en.wikipedia.org/wiki/Tcpdump[More: wikipedia]
== iptables
**iptables** is a command line utility for configuring Linux kernel **firewall** implemented within the [[Wikipedia:Netfilter|Netfilter]] project. The term ''iptables'' is also commonly used to refer to this kernel-level firewall. It can be configured directly with iptables, or by using one of the many
**iptables** is a command line utility for configuring Linux kernel **firewall** implemented within the https://en.wikipedia.org/wiki/Netfilter[Netfilter] project. The term ''iptables'' is also commonly used to refer to this kernel-level firewall. It can be configured directly with iptables, or by using one of the many
https://en.wikipedia.org/wiki/Iptables[More: wikipedia]
- Console tools
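Review bot: The rewritten iptables paragraph converts the Netfilter link to AsciiDoc syntax but still marks the term as `''iptables''`, which is MediaWiki italics and will not render as emphasis in AsciiDoc; use `_iptables_` instead. In the same hunk the `More: wikipedia` link sits between the unfinished sentence "or by using one of the many" and the list that completes it, so the link should move after the list. The unchanged tcpdump paragraph above also remains in a file that is now titled Iptables and may want to be dropped or moved.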
@ -45,7 +44,7 @@ and
- Graphical front-ends.
''iptables'' is used for [[Wikipedia:IPv4|IPv4]] and ''ip6tables'' is used for [[IPv6]]. Both ''iptables'' and ''ip6tables'' have the same syntax, but some options are specific to either IPv4 or IPv6.
''iptables'' is used for https://en.wikipedia.org/wiki/IPv4[IPv4] and ''ip6tables'' is used for ihttps://en.wikipedia.org/wiki/IPv6[IPv6]. Both ''iptables'' and ''ip6tables'' have the same syntax, but some options are specific to either IPv4 or IPv6.
=== Installation
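Review bot: The added IPv6 link reads `ihttps://en.wikipedia.org/wiki/IPv6[IPv6]`; the stray `i` before `https` stops it from being recognised as a URL, so the link will not render. It should be `https://en.wikipedia.org/wiki/IPv6[IPv6]`. The `''iptables''` and `''ip6tables''` MediaWiki italics on the same line also need converting to AsciiDoc emphasis (`_iptables_`, `_ip6tables_`).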
@ -57,12 +56,22 @@ The Swarmlab.io kernel is compiled with iptables support.
==== Console
* {{App|Arno's firewall|Secure firewall for both single and multi-homed machines. Very easy to configure, handy to manage and highly customizable. Supports: NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ and DMZ-2-LAN forwarding, protection against SYN/ICMP flooding, extensive user definable logging with rate limiting to prevent log flooding, all IP protocols and VPNs such as IPsec, plugin support to add extra features.|http://rocky.eld.leidenuniv.nl/|{{AUR|arno-iptables-firewall}}}}
- Shorewall, High-level tool for configuring Netfilter.
You describe your firewall/gateway requirements using entries in a set of configuration files.
http://www.shorewall.net/[shorewall]
- Arno's Secure firewall for both single and multi-homed machines.
Very easy to configure, handy to manage and highly customizable. Supports: NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ and DMZ-2-LAN forwarding, protection against SYN/ICMP flooding, extensive user definable logging with rate limiting to prevent log flooding, all IP protocols and VPNs such as IPsec, plugin support to add extra features.|
http://rocky.eld.leidenuniv.nl/[arno-iptables-firewall]
* {{App|ferm|Tool to maintain complex firewalls, without having the trouble to rewrite the complex rules over and over again. It allows the entire firewall rule set to be stored in a separate file, and to be loaded with one command. The firewall configuration resembles structured programming-like language, which can contain levels and lists.|http://ferm.foo-projects.org/|{{Pkg|ferm}}}}
* {{App|[[Wikipedia:FireHOL|FireHOL]]|Language to express firewalling rules, not just a script that produces some kind of a firewall. It makes building even sophisticated firewalls easy - the way you want it.|http://firehol.sourceforge.net/|{{AUR|firehol}}}}
* {{App|Firetable|Tool to maintain an IPtables firewall. Each interface can be configured separately via its own configuration file, which holds an easy and human readable syntax.|https://gitlab.com/hsleisink/firetable|{{AUR|firetable}}}}
* {{App|[[firewalld]] (firewall-cmd)|Daemon and console interface for configuring network and firewall zones as well as setting up and configuring firewall rules.|https://firewalld.org/|{{Pkg|firewalld}}}}
* {{App|[[Shorewall]]|High-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files.|http://www.shorewall.net/|{{Pkg|shorewall}}}}
* {{App|[[Uncomplicated Firewall]]|Simple front-end for iptables.|https://launchpad.net/ufw|{{Pkg|ufw}}}}
* {{App|[[PeerGuardian Linux|PeerGuardian]] (pglcmd)|Privacy oriented firewall application. It blocks connections to and from hosts specified in huge block lists (thousands or millions of IP ranges).|http://sourceforge.net/projects/peerguardian/|{{AUR|pgl}}}}
* {{App|Vuurmuur|Powerful firewall manager. It has a simple and easy to learn configuration that allows both simple and complex configurations. The configuration can be fully configured through an {{Pkg|ncurses}} GUI, which allows secure remote administration through SSH or on the console. Vuurmuur supports traffic shaping, has powerful monitoring features, which allow the administrator to look at the logs, connections and bandwidth usage in realtime.|https://www.vuurmuur.org/|{{AUR|vuurmuur}}}}
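Review bot: The converted Arno's entry ends with a leftover template separator, "plugin support to add extra features.|", which will show up as a literal `|` in the output and should be removed. Only the Shorewall and Arno's entries are converted in this hunk; the ferm, FireHOL, Firetable, firewalld, Uncomplicated Firewall, PeerGuardian and Vuurmuur entries still appear as raw `{{App|...}}` templates with `[[...]]`, `{{Pkg|...}}` and `{{AUR|...}}` markup, so they will render as literal text until they are converted the same way. The new entries use `-` while the remaining ones use `*`, and the description and link lines that follow each `-` item are not attached with a `+` list continuation, so it is worth settling on one marker and checking how the continuation lines render.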
